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The Chief Executive 
All Authorized Institutions 


Dear Sir/Madam, 


Principles for Operational Resilience and Revised Principles for Sound 
Management of Operational Risk 


I am writing to draw to your attention that on 31 March 2021 the Basel Committee 
on Banking Supervision (“BCBS”) issued two sets of principles, viz., the 
Principles for Operational Resilience (“POR”)! and the Revised Principles for 
Sound Management of Operational Risk (“Revised PSMOR’’)’, amid the Covid- 
19 pandemic which has made operational resilience and mitigating operational 
risk in banks even more important. 


POR 


The BCBS observed that while much has been done since the Global Financial 
Crisis of 2007-2009 to strengthen banks’ financial resilience, more work is 
necessary to improve banks’ ability to withstand significant operational 
disruptions (including those arising from pandemics, technology failures, and 
natural disasters). It has therefore issued the POR, which contains a new set of 
principles aimed at improving banks’ operational resilience. The BCBS defines 
operational resilience as the ability of banks to deliver critical operations through 
disruptions, which requires banks to remain within their tolerance for disruption 
under a range of severe but plausible scenarios. 


As noted within the POR, operational resilience is an outcome that benefits from 
the effective management of operational risk. Besides this, the POR also 
provides guidance in the following areas, including: governance, business 
continuity planning and testing, mapping interconnections and interdependencies, 
third-party dependency management, incident management, and management of 
information and communication technology (ICT)-related risks. 


| Please see https://www.bis.org/bcbs/publ/d516.htm 
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The HKMA notes that many of the concepts and requirements within the POR are 
already covered in its existing supervisory guidance’. The HKMA is nonetheless 
considering the need to provide additional guidance to implement the new 
principles in Hong Kong. 


Revised PSMOR 


Incorporated in the Revised PSMOR are: (1) further guidance to improve the 
overall clarity of existing principles; (11) updates where needed in the areas of 
change management and ICT management; and (111) changes to ensure consistency 
with the new operational risk framework in the 2017 Basel III final package. 
Elements of the revised PSMOR, which cover governance, risk management 
environment, ICT, business continuity planning and the role of disclosure, should 
be viewed as integrated components of the operational risk management 
framework and the overall risk management framework (including operational 
resilience) of banks. 


Als are expected to implement the Revised PSMOR as soon as practicable. To 
assist Als in the process, the HKMA plans to provide relevant guidance through 
revising SPM module OR-1 on Operational Risk Management and will consult 
the industry about the proposed revisions in due course. In the meantime, Als 
are strongly recommended to familiarise themselves with the revised requirements, 
and prepare for any system changes that may be necessary for the implementation 
of the Revised PSMOR. 


Should you have any questions, please feel free to contact Ms Joanna Chan on 
2878 8694 relating to the POR or Mr Andy Cheung on 2878 1022 relating to the 
Revised PSMOR. 


Yours faithfully, 


Daryl Ho 
Executive Director (Banking Policy) 


cc: The Chairperson, The Hong Kong Association of Banks 
The Chairperson, The DTC Association 
FSTB (Attn: Ms Eureka Cheung) 


3 For example, these include the Supervisory Policy Manual modules “TM-G-1 General Principles for 
Technology Risk Management’, “TM-G-2 Business Continuity Planning’, “OR-1 Operational Risk 
Management” and “SA-2 Outsourcing”, as well as “Cyber Resilience Assessment Framework 2.0”. 


